From 73334830101e934dd9d1f60ea1a3499c1bf1997b Mon Sep 17 00:00:00 2001
From: Diptesh Choudhuri
Date: Sat, 13 May 2023 15:58:54 +0530
Subject: [PATCH] feat(backend): allow setting insecure cookies
---
 README.md | 1 +
 apps/backend/src/config.rs | 12 ++++++++-
 apps/backend/src/users/resolver.rs | 39 ++++++++++++++++++------------
 3 files changed, 36 insertions(+), 16 deletions(-)
diff --git a/README.md b/README.md
index fa5c25d451..371334dd37 100644
--- a/README.md
+++ b/README.md
@@ -106,6 +106,7 @@ builder.
 | `video_games.igdb.image_url` | The url for getting images from IGDB. |
 | `video_games.igdb.image_size` | The image sizes to fetch from IGDB. |
 | `web.cors_origins` | An array of URLs for CORS. |
+| `web.insecure_cookie` | Setting this to `true` will make auth cookies insecure. [More information](https://github.com/IgnisDa/ryot/issues/23#) |
 ## 🤓 Developer notes
diff --git a/apps/backend/src/config.rs b/apps/backend/src/config.rs
index 523ef080ce..7fb0552014 100644
--- a/apps/backend/src/config.rs
+++ b/apps/backend/src/config.rs
@@ -189,9 +189,19 @@ impl IsFeatureEnabled for VideoGameConfig {
 #[derive(Deserialize, Debug, Clone, Serialize, Default)]
 pub struct SchedulerConfig {}
-#[derive(Deserialize, Debug, Clone, Serialize, Default)]
+#[derive(Deserialize, Debug, Clone, Serialize)]
 pub struct WebConfig {
 pub cors_origins: Vec,
+ pub insecure_cookie: bool,
+}
+
+impl Default for WebConfig {
+ fn default() -> Self {
+ Self {
+ cors_origins: vec![],
+ insecure_cookie: false,
+ }
+ }
 }
 #[derive(Deserialize, Debug, Clone, Serialize, Default)]
diff --git a/apps/backend/src/users/resolver.rs b/apps/backend/src/users/resolver.rs
index 476a4c6a71..9cf03750a1 100644
--- a/apps/backend/src/users/resolver.rs
+++ b/apps/backend/src/users/resolver.rs
@@ -20,6 +20,7 @@ use uuid::Uuid;
 use crate::{
 background::UserCreatedJob,
+ config::AppConfig,
 entities::{
 audio_book, book, movie,
 prelude::{AudioBook, Book, Metadata, Movie, Seen, Show, Summary, Token, User, VideoGame},
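Review bot: The new `insecure_cookie` field in `WebConfig` (config.rs hunk) has no doc comment, although enabling it removes the `Secure` attribute from the cookie that carries the API key, so that key can then be sent over plain HTTP. I would put `/// When true, the auth cookie is issued without the Secure attribute; leave false whenever the server is reachable over HTTPS.` above the field. The hand-written `impl Default` produces the same values as the derive it replaces (an empty `Vec` and `false`), so `Default` could stay in the `#[derive(...)]` list and the impl be dropped.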
@@ -105,8 +106,13 @@ struct UpdateUserInput {
 password: Option,
 }
-fn create_cookie(ctx: &Context<'_>, api_key: &str, expires: bool) -> Result<()> {
- let mut cookie = Cookie::build(COOKIE_NAME, api_key.to_string()).secure(true);
+fn create_cookie(
+ ctx: &Context<'_>,
+ api_key: &str,
+ expires: bool,
+ insecure_cookie: bool,
+) -> Result<()> {
+ let mut cookie = Cookie::build(COOKIE_NAME, api_key.to_string()).secure(!insecure_cookie);
 if expires {
 cookie = cookie.expires(OffsetDateTime::now_utc());
 } else {
@@ -208,15 +214,17 @@ impl UsersMutation {
 .data_unchecked::()
 .login_user(&input.username, &input.password)
 .await?;
+ let cookie_insecure = gql_ctx.data_unchecked::().web.insecure_cookie;
 if let LoginResult::Ok(LoginResponse { api_key }) = api_key {
- create_cookie(gql_ctx, &api_key.to_string(), false)?;
+ create_cookie(gql_ctx, &api_key.to_string(), false, cookie_insecure)?;
 };
 Ok(api_key)
 }
 /// Logout a user from the server, deleting their login token
 async fn logout_user(&self, gql_ctx: &Context<'_>) -> Result {
- create_cookie(gql_ctx, "", true)?;
+ let cookie_insecure = gql_ctx.data_unchecked::().web.insecure_cookie;
+ create_cookie(gql_ctx, "", true, cookie_insecure)?;
 let user_id = user_auth_token_from_ctx(gql_ctx)?;
 gql_ctx
 .data_unchecked::()
@@ -330,6 +338,17 @@ impl UsersService {
 for (seen, metadata) in seen_items.iter() {
 let meta = metadata.to_owned().unwrap();
 match meta.lot {
+ MetadataLot::AudioBook => {
+ let item = meta
+ .find_related(AudioBook)
+ .one(&self.db)
+ .await
+ .unwrap()
+ .unwrap();
+ if let Some(r) = item.runtime {
+ audio_books_total.push(r);
+ }
+ }
 MetadataLot::Book => {
 let item = meta
 .find_related(Book)
@@ -341,6 +360,7 @@ impl UsersService {
 books_total.push(pg);
 }
 }
+ MetadataLot::Podcast => todo!(),
 MetadataLot::Movie => {
 let item = meta
 .find_related(Movie)
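Review bot: In the `create_cookie` hunk (-105), `.secure(!insecure_cookie)` takes the transport-protection decision from a negated positional `bool` that sits right after `expires`, so a call such as `create_cookie(ctx, key, false, true)` reads ambiguously and swapped arguments still compile. Taking `secure: bool` and letting the caller pass `!config.web.insecure_cookie`, or using a small two-variant enum, would make the intent visible at the call site. The cookie value is the API key, so once `Secure` can be switched off it is worth confirming that the rest of the builder chain sets `http_only(true)` and a `same_site` policy. Those calls would be in the part of the function body that continues past the end of this hunk and are not visible here. The function also has no doc comment stating what `expires` and `insecure_cookie` do.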
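Review bot: The lookup `gql_ctx.data_unchecked::().web.insecure_cookie` is written out twice in the `UsersMutation` hunk (-208), once in the login resolver and once in `logout_user`, even though `create_cookie` already receives the same context. Reading the setting inside `create_cookie` would remove both copies and the extra parameter. `data_unchecked` panics when the requested type is not registered in the schema data, and that registration is not part of this diff. Both callers return `Result`, so the fallible form is available: `let insecure = ctx.data::<AppConfig>()?.web.insecure_cookie;`. The generic argument is lost in this rendering of the page, and `AppConfig` is assumed from the new import.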
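Review bot: `MetadataLot::Podcast => todo!()` (hunk -341) panics the first time the loop over `seen_items` meets an item whose lot is `Podcast`, so one such record is enough to abort the calculation for that user. Until podcast totals are implemented the arm should skip the item the way the `VideoGame` arm does: `MetadataLot::Podcast => continue,`. The relocated `AudioBook` arm (hunk -330) keeps `.unwrap().unwrap()` on the related-row lookup, which panics in the same loop on a query error or a missing row. Propagating the error or skipping the item would be safer there too. The enclosing method starts and ends outside both hunks, and this change is unrelated to the cookie setting named in the commit subject.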
@@ -376,17 +396,6 @@ impl UsersService {
 }
 }
 }
- MetadataLot::AudioBook => {
- let item = meta
- .find_related(AudioBook)
- .one(&self.db)
- .await
- .unwrap()
- .unwrap();
- if let Some(r) = item.runtime {
- audio_books_total.push(r);
- }
- }
 MetadataLot::VideoGame => {
 // nothing to calculate
 continue;